Cyber Incident Victim: Central Depository Services Limited

Date: Nov 2022

Location: India

Summary

India's leading securities depository detected malware affecting several internal machines, prompting immediate isolation of compromised systems and disconnection from capital market infrastructure to contain potential spread. The company initiated an investigation with cybersecurity advisors and reported the incident to relevant authorities, maintaining that no evidence indicated unauthorized access to confidential investor data or compromise of its nearly 75 million managed demat accounts. While operational disruptions occurred, including website downtime, the organization emphasized ongoing remediation efforts without confirming specifics regarding malware type or data exfiltration risks.

Description

On November 18, 2022, Central Depository Services Limited (CDSL), India’s second-largest securities depository, disclosed in a filing with the National Stock Exchange that malware had compromised several internal machines within its network. The company detected the intrusion and responded by immediately isolating the affected systems to prevent further spread. As a precautionary measure, CDSL disconnected its infrastructure from other capital market participants, disrupting connectivity to external trading platforms. The filing emphasized that no evidence indicated a compromise of investor data or confidential information, though the investigation remained ongoing. CDSL did not disclose technical specifics of the malware, its entry vector, or how long it had been present before discovery. Concurrently, the company’s public website became inaccessible, though CDSL declined to confirm whether this outage was related to the malware incident.

CDSL initiated an investigation with cybersecurity advisors to assess the incident’s scope and impact, collaborating with undisclosed regulatory authorities. The company, managing approximately 75 million demat accounts for investors nationwide, stated its priority was restoring secure operations while maintaining market integrity. Shareholders, including Bombay Stock Exchange, Standard Chartered Bank, and Life Insurance Corporation, were not reported to have issued separate statements regarding the incident. CDSL’s spokesperson declined to address inquiries about network logging capabilities or potential data exfiltration, citing ongoing resolution efforts. The incident highlighted operational risks to India’s financial infrastructure, though CDSL maintained public assurances regarding investor asset safety throughout its containment and analysis phases.
